Hi,

I'm looking for a way of doing an auto-login in the portal.

I've a web application (own login) that has a link to the portal, and I want to bypass the login page of the portal and access directly.

What are the ways I can do that?
By parameter?

Thanks.

This message has been edited. Last edited by: <Kathryn Henning>,

Hi beffes,

You can use Single Sign On (SSO) with pre-authentication. This is described in the Security and Administration manual which is available at the WebFOCUS 8 InfoCenter.

In WebFOCUS Security and Administration Release 8.0 Version 08 is ‘Configuring Pre-Authentication With Custom Single Sign On (SSO) Solutions’ on page 235. Because we don't know anything about your web application with login, we can't yet give an answer if it is possible.

Cheers!

Kathryn

Hi Kathryn,

I'm trying to implement the solution on page 235, but with no luck.

We have a webapplication that is in IIS with a custom login.
In other machine we have webfocus.

We installed the isapi redirect for tomcat in the iis machine and its OK.

but the problem we are having is implementing the module, the will pass the username in the header.

Is there an example of how its done?

Thanks,
Bruno

Hi Bruno,

There are several things to check that are described in the following document:

Unable to access WebFOCUS portal using pre-authentication

Cheers!

Kathryn

Hi all,

I had to go another way, with java, so that I could get it working.

So now I have a filter that does the job...


Steps:

1. configure isapi redirect for tomcat in IIS machine.
2.asp.net webapp after login create a cookie
3. create a filter( .jar) that checks the cookie and if ok pass a header with username..


Thanks,
Bruno

Bruno,
It is great to see that you were successful using the servlet filter approach. I have written a filter following the info from dhagen and that executes fine and sets REMOTE_USER, but I still end up at the signin page. Did you also configure WF for pre-auth? If so, what did you configure specifically? From the filter, what header var did you pass? Did you set a session var or a query string var?
Thanks for sharing!
John

We got some help from Webfocus tech support:
Per our streaming session with you, these are the changes we made:
securitysettings.xml
anonymousAuthEnabled set to false

formAuthEnabled set to true (this allows the form to be accessed directly by url - http://server/ibi_apps/signin) set this value to false to disable the login page entirely.

preAuthEnabled set to false
j2eePreAuthFilterEnabled set to true (this setting tells WebFOCUS to retrieve the value of REMOTE_USER and use it for authentication)

From the WebFOCUS Administration console we made one change to the odin.cfg configuration file. We changed:
http://server/ibi_apps/
Administration -> Administration Console Reporting Servers -> Remote Services Select the EDASERVE bullet and click modify We changed the SECURITY setting from Advanced... to Pass WebFOCUS User ID and their Groups

Once we did this, WebFOCUS began picking up the hard coded value of your own userid that you had specified within your servlet filter code (we are setting REMOTE_USER).

We followed the above instructions and our filter started working. We did use the WF-provided wrapper code for the helper methods on the request vars. I expect you can get that zip file by contacting WF.

I think the key item that was not documented in the Security manual was turning preauth off and then turning the j2ee preauth on. The manual actually tells you do to the reverse of that for custom pre-auth.

quote:

REMOTE_USER

I did the same setup to configure custom security filter in WebFocus 8.2. Once formAuthEnabled set to true, I ran into another issue - it often goes to the login windows instead of report parameter page. To make application work, so we disable formAuthEnabled.

but without form login, we are unable to access admin console to import/export reports.

then how do we prevent this?

This message has been edited. Last edited by: yehf,